Cloudy distinctions with off-site and hosted access control

Tuesday, December 30, 2014

YARMOUTH, Maine—The question of whether cloud-based security systems are synonymous with Web-based access control or hosted systems is one that still hangs over the security industry—like a cloud. It’s not a dark cloud, but sometimes it gets in the way of clarity.

“You’re not sure anymore,” said Dave Koenig, partner at Capital Fire and Security, an integrator based in Madison, Wisconsin. “The ‘cloud,’” he said, “is kind of a buzz term now.”

According to Blake Kozak, senior analyst at IHS Industrial and Medical Technical Group, the distinguishing characteristic of a cloud-based access control system is that “everything is off premise,” including the software and the servicing.

For most end users, that characteristic also qualifies as a main advantage over traditional Web-based access control systems. “It’s out of sight, out of mind,” Kozak said.

“From the point of view of most end users, they don’t really care” who or what is managing the internal software machinations of their security network, Kozak said. “If it’s a high-end user, they’re going to have a security manager anyway who understands” the management, maintenance and integration of Web-based services.

In a true cloud system, everyone’s information is managed through one server, off site, with one software update for everyone, simultaneously. This may make sense for what Kozak calls “a mom and pop” small company, which “will care about security—not how it’s done.”

“When I think of Web-based access control, I think of a server farm somewhere with all the pipes and software personnel,” Koenig said. “It depends on what kind of server capability you have. A lot of people mix managed services with cloud. They’re two different things, even though they’re both over the Web.”

“As soon as you say cloud, it’s off premise,” said Koenig, reiterating Kozak’s assessment. “In the original world of cloud-based systems, the PC was in someone’s office, almost always managed by a client, not integrated (with other systems).”

Capital Fire and Security, Koenig noted, does a lot of business with property management companies that are more than happy to have their data systems in the cloud. “They don’t want to become experts in card access,” he said.

Koenig believes that difference between managed access control and cloud-based access control is a matter of semantics. “I don’t think there’s truly a difference between the two,” he said.

Steve Van Till, president and CEO of Brivo Labs, based in Bethesda, Md., agrees with Koenig, but takes the “semantics” assessment one step further.

“A lot of people are confused,” Van Till said. “There’s legitimate confusion, and then there’s confusion created by dishonest marketing. … A lot of companies are doing Web-based services and calling themselves cloud.”

The legitimate confusion, Van Till noted, is on the part of “non-technical” end users “who can’t see anything past their browsers.”

“The cloud is a data center with applications and data bases (connected to) multiple data centers,” Van Till said. In a non-cloud or Web-based access control system “you are talking to a single embedded device directly on an internal corporate network—for example, a stand-alone control panel with limited feature sets and no redundancy. You’re still accessing the system through a browser, but that’s where the similarity to cloud systems ends.”

The classic benefit to a cloud based system, Van Till said, is “economies of scale. It’s a single system that takes the place of hundreds of thousands of individual servers.” He noted that there’s also lower maintenance costs for the end user. “The lifetime costs of maintaining a server can be ten times the purchase cost,” a reality that makes farming out attractive.

Cloud-based systems also have automated upgrades for their multiple servers, simultaneously, “typically done without anyone experiencing any downtime,” Van Till said.

Regarding the difference between “hosted” and “managed” access control, Van Till likened managed access “to having someone do your e-commerce shopping for you,” he said, “which misses the whole point of e-commerce, which is self-service.” In fact, managed access can actually be more difficult to use, he said. “Ask yourself, would you rather click on a few buttons on a Web site or fax someone and ask them to do the same thing on your behalf?” The latter, Van Till suggested, is a fair analogy to managed access control.

F. Patrick Mahoney, senior associate at CannonDesign in Chicago, designs security systems that integrators install.

His company has not yet ventured into cloud-based systems, although they have studied a number of opportunities.

“In my mind, in the cloud everything is hosted,” Mahoney said. “You are relieved of the power requirements, the cooling responsibilities, the backup, the hardware and the security for all those systems. When I think of Web-based, you still get a lot through your browser but you are not relieved of some of those responsibilities.”